jgaunt/homelab-scripts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
699c28910bf4d0be97cbae3bc95a86e717a903d3
homelab-scripts/domainjoin.sh

53 lines
2.1 KiB
Bash
Raw Blame History

#!/bin/bash
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit
fi
# ask for the domain, username, and password
read -e -p "Enter Domain name: " -i "home.johnhgaunt.com" domain
read -e -p "Enter netBIOS name: " -i "GAUNT" netbiosname
read -e -p "Enter Domain Admin username: " -i "jgaunto" username
read -e -s -p "Enter Password: " password
# get OS ditro and version
OS=$(hostnamectl | awk '/Operating System/ {print $3}')
if [ "${OS}" == "Ubuntu" ]; then
OS_VER=$(hostnamectl | awk '/Operating System/ {print $4}')
else
OS_VER=$(hostnamectl | awk '/Operating System/ {print $5}')
fi
# set os name and version for when the computer joins AD
echo "[active-directory]" > /etc/realmd.conf
echo "os-name = ${OS}" >> /etc/realmd.conf
echo "os-version = ${OS_VER}" >> /etc/realmd.conf
# join the computer to the domain
if [ ${OS} == "Debian" ] || [ ${OS} == "Ubuntu" ]; then
echo ${password} | realm join -U ${username} --install=/ ${domain}
echo " " >> /etc/pam.d/common-session
echo "#oddjob-mkhomedir manual entry" >> /etc/pam.d/common-session
echo "session optional pam_oddjob_mkhomedir.so skel=/etc/skel/ umask=0022" >> /etc/pam.d/common-session
elif [ "${OS}" == "CentOS" ]; then
echo ${password} | realm join -U ${username} ${domain}
fi
# set the sssd options
# don't require the full domain for the usernames
sed --in-place 's/^use_fully_qualified_names = True/use_fully_qualified_names = False/' /etc/sssd/sssd.conf
# set home directory to /home/<username>
sed --in-place 's/^fallback_homedir = \/home\/%u@%d/fallback_homedir = \/home\/%u/' /etc/sssd/sssd.conf
# change the provider to simple and then only allow the server admins to login
sed --in-place 's/^access_provider = ad/access_provider = simple\nsimple_allow_groups = Server Admins/' /etc/sssd/sssd.conf
# reboot sssd
systemctl restart sssd
# set the sudoers.d file for the server admins
echo "## ${netbiosname} Admins ##" > /etc/sudoers.d/${netbiosname}
echo "# Allow members of ${netbiosname}\Server Admins group sudo access" >> /etc/sudoers.d/${netbiosname}
echo "%Server\ Admins ALL=(ALL:ALL) ALL" >> /etc/sudoers.d/${netbiosname}
Reference in New Issue View Git Blame Copy Permalink